Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/samkit511/SAW---Security-Analyst-Workspace/llms.txt

Use this file to discover all available pages before exploring further.

The /assistant/request endpoint supports three request_type values: log_triage (covered in the log ingestion guide), incident_followup, and task_command. The last two let you re-engage the assistant pipeline against an incident that already exists, and give you a conversational interface for managing tasks without calling the /tasks endpoints directly. Both types benefit from the optional session_id field, which links requests into a continuous session so the assistant can maintain context across turns.

incident_followup

Use incident_followup to ask the assistant to re-analyze an existing incident, produce updated recommendations, and generate additional follow-up tasks. SAW reuses the stored classification from the original triage run rather than re-running the full pipeline from scratch. 
curl -X POST http://127.0.0.1:8080/assistant/request \
  -H "x-api-key: demo" \
  -H "Content-Type: application/json" \
  -d '{
    "request_type": "incident_followup",
    "user_id": "analyst-01",
    "session_id": "session-abc123",
    "payload": {
      "incident_id": "inc_7g8h9i0j1k2l",
      "message": "Please review next steps for this incident.",
      "source": "analyst_console"
    }
  }'

Required payload fields

FieldTypeDescription
incident_idstringThe incident_id returned from the original triage request
messagestringAnalyst question or instruction for the assistant
sourcestringLabel for the originating surface (e.g. analyst_console)
The response includes an updated agent_summary, any new tasks created by the follow-up run, and the same request_id / incident_id / workflow_status structure as a triage response: 
{
  "request_id": "req_m3n4o5p6q7r8",
  "incident_id": "inc_7g8h9i0j1k2l",
  "workflow_status": "COMPLETED",
  "agent_summary": "Follow-up analysis complete. Two new remediation tasks have been created: block the source IP and audit affected account activity.",
  "meta": {
    "trace_id": "req_m3n4o5p6q7r8",
    "schema_version": "2.0.0"
  }
}
The incident_id in the payload must match an incident that SAW has already stored. If you pass an unknown ID, the assistant will return an error or produce a degraded response with no stored context to work from.

task_command

Use task_command when you want to manage tasks through the assistant interface instead of calling /tasks directly. The action field in the payload controls which operation runs.
Create a new task linked to an incident:
curl -X POST http://127.0.0.1:8080/assistant/request \
  -H "x-api-key: demo" \
  -H "Content-Type: application/json" \
  -d '{
    "request_type": "task_command",
    "user_id": "analyst-01",
    "session_id": "session-abc123",
    "payload": {
      "action": "create",
      "title": "Analyst follow-up",
      "description": "Review incident from manual test",
      "incident_id": "inc_7g8h9i0j1k2l",
      "priority": "HIGH"
    }
  }'

task_command payload fields

FieldTypeRequired forDescription
actionstringallcreate, list, or complete
titlestringcreateTask title
descriptionstringcreateTask description
incident_idstringcreate, listIncident to associate or filter by
prioritystringcreateLOW, MEDIUM, or HIGH
task_idstringcompleteID of the task to mark complete

Session continuity

Both incident_followup and task_command accept a session_id string. Pass the same value across multiple requests to link them into a session. The assistant uses the session context to maintain awareness of prior turns — for example, referencing tasks created earlier in the same session without you re-supplying their IDs. 
{
  "request_type": "incident_followup",
  "user_id": "analyst-01",
  "session_id": "session-abc123",
  "payload": { "incident_id": "inc_7g8h9i0j1k2l", "message": "Any updates?" }
}
Omit session_id or set it to null if you want each request to be treated as an independent, stateless call.

Build docs developers (and LLMs) love

Get started for freeTalk to us